SAPOPA SRL., with offices in Viale Trento 23, 36100 (VI) Vat registration, Tax Code and Business and Trade Registry number - IT 03527160240 – Economic and Administrative Index VI 332415 (hereinafter, the “Data Controller”), owner of the website https://www.sapopa.com (hereinafter, the “Site”), as Data Controller for processing the personal data of the users that navigate and are registered on the Site (hereinafter the “Users”) provides hereinafter privacy information pursuant to art. 13 of the Italian Legislative Decree 196/2003 (hereinafter the “Privacy Code”) and pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereafter, "Regulations", the Regulations and the Privacy Code DL 196/2003 where applicable are together defined as "Applicable Regulations").
This Site and the services offered through the Site are reserved for persons who have turned eighteen years of age. The Data Controller therefore does not collect personal data regarding persons under 18. At the request of Users, the Data Controller shall promptly delete all personal data involuntarily collected and regarding persons under 18.
The Data Controller has the utmost regard for Users’ right to privacy and to the protection of their personal data.
1. Purpose of data processing
User personal data shall be processed lawfully by the Data Controller pursuant to art. 6 of the Regulation for the following processing purposes:
Navigating the site, regarding the possibility of acquiring technically necessary User data, such as, for example, IP address, during navigation of the site.
Administration-accounting purposes, namely, to carry out organisational, administration, financial or accounting activities, as in-house organisational activities and those to fulfil contractual and pre-contractual obligations;
Legal obligations, namely to fulfil obligations as provided for by the law, by an authority, by a regulation or by European laws.
The granting of personal data for the purpose of processing as indicated above is optional but necessary, since failure to grant the same shall mean that the User may not use the site, register on the site and use the services offered by the Data Controller on the Site.
2. Other processing purposes: marketing and newsletter (sending advertising material, direct sale and commercial communication)
With the User’s free and optional consent, some of the User’s personal data (namely his/her name, surname, e-mail address, full shipping address etc..) may be processed by the Data Controller also for the purposes of marketing and newsletters (sending advertising material, direct sales, commercial communication, sending newsletters containing information and news regarding the Site’s business sector), or so that the Data Controller can contact the User by post, e-mail, telephone (fixed and/or mobile, using automated call systems or call systems with and/or without an operator) and/or SMS to propose to the User products and/or services offered by the Data Controller himself and/or by third party enterprises, present offers, promotions and business opportunities. In the absence of consent, the option of registering on the Site shall be in no way compromised.
In the case of consent, the User may at any time withdraw the same by making a request to the Data Controller using the methods indicated in paragraph 7 below.
The User may also easily object to further sending of promotional communications and newsletters by e-mail also by clicking on the special link present in each promotional email and newsletter to withdraw consent. Once consent has been withdrawn, the Data Controller shall send the User an e-mail confirming withdrawal of consent. Should the User want to withdraw his consent for receiving promotional communications by telephone, continuing however to receive promotional communications by e-mail, or vice-versa, he is invited to send a request to the Data Controller using the methods indicated in paragraph 7 below.
The Data Controller informs that, having exercised the right to oppose the sending of promotional communications and newsletters by e-mail, it is possible that, due to technical and operational reasons, (e.g. formation of contact lists completed shortly before the Data Controller receives the opposition request) the User may continue to receive some further promotional messages and newsletters. Should the User continue to receive promotional messages and newsletters after 24 hours have passed since exercising the right to oppose, please report the problem to the Data Controller, using the contacts indicated in paragraph 7 below.
3. Other data processing purposes: profiling
With the User’s free and optional consent, his/her personal data (that is, name and contact information, plus information regarding the services which the same has expressed an interest in) may be processed by the Data Controller also for profiling purposes, that is, to reconstruct the consumer tastes and habits of the User, identifying thus his consumer profile, in order to be able to send the User sales offers in keeping with the same. In the absence of consent, the option of registering on the Site shall be in no way compromised.
In the case of consent, the User may withdraw the same at any time by making a request to the Data Controller using the methods indicated in paragraph 7 below.
4. Processing methods and data storage times
The Data Controller shall process User personal data using manual and digital tools, in a manner strictly correlated to the purposes and, nonetheless, to guarantee the security and confidentiality of the same data. The Sites’ User personal data shall be stored for the time strictly necessary to carry out the primary purposes illustrated in the previous paragraph 1, or nonetheless according to that necessary to protect the interests of both the Users as well as the Data Controller in light of the Italian Civil Code.
In the cases referred to in the previous paragraph 3, the User personal data shall be stored for the time strictly necessary to carry out the purposes illustrated in the same and, in any case, within the limits pursuant to the Applicable Laws.
5. Legal basis for data processing
With reference to the purposes referred to in points (1/a and 1/c), the legal basis of the data processing is in fact the execution of the services provided through the Site and requested by you (pursuant to article 6, section 1, letter b of the Privacy Regulation 2016/679); as regards the optional purposes referred to in points (1/e, 1/f) and paragraphs 3 and 4, the legal basis for the processing is your freely expressed consent, if given (pursuant to article 6, section 1, letter a of the Privacy Regulation 2016/679); as regards the purposes referred to in points (1/b, 1/d), the legal basis of the processing is to fulfil a legal obligation to which the Data Controller is subject (pursuant to article 6, section 1, letter c of the Privacy Regulation 2016/679).
6. Scope of communication and diffusion of the data
Those who may be party to User personal data are the Data Controller’s employees and/or collaborators, employed to manage the Site. Such persons, who are formally appointed by the Data Controller as “persons in charge of processing”, they shall process the Users’ data solely for the purposes indicated in this statement and in compliance with the Applicable Laws.
User personal data may also be accessed by third parties who may process personal data on behalf of the Data Controller as “External persons in charge of processing”, who, by way of example, are providers of IT and logistics services for running the Site, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any persons in charge of the processing appointed by the Data Controller by making a request to the Data Controller using the methods indicated in paragraph 8 below.
7. Rights of the Data subjects
Users may exercise their rights guaranteed by the Applicable Laws by contacting the Data Controller as follows:
By sending a registered letter with return receipt to the registered office of the Data Controller
By sending an e-mail to the address email@example.com
Pursuant to the Applicable Laws, the Data Controller informs Users that they have the right to obtain indication (i) of the origin of the personal data; (ii) of the processing purposes and methods; (iii) of the logic applied in the case of processing using electronic tools; (iv) of the details of the Data Controller and the persons in charge; (v) of the subjects or subject categories to which the personal data may be communicated or who may access them as persons in charge.
Furthermore, Users have the right to:
a) access, update, rectify or, if interested, add to the data;
b) erase, transform into anonymous form or block any data processed illegally, including those that do not require storage for the purposes for which the data have been collected or subsequently processed;
c) certification that the operations referred to in letters a) and b), including their content, have been made known to those to whom the data have been communicated or distributed, except for the case in which such a requirement is impossible or involves the use of means clearly disproportionate to the right.
Furthermore, Users have:
a) the right to withdraw consent at any time, should processing depend on their consent;
b) the right to data portability (the right to receive all the personal data that concern them in a structured, commonly used and machine readable format), the right to limit the processing of their personal data and the right to their erasure (“right to be forgotten”);
c) the right to oppose:
i. fully or partially, on legitimate grounds, to the processing of their personal data, even if pertinent to the purpose of their collection;
ii. fully or partially, to the processing of their personal data for the purposes of sending advertising material or direct sales or to carry out market research or commercial communication;
iii. should the personal data be processed for direct marketing, at any time, to the processing of their data for such purpose, including profiling insofar as it is connected to such direct marketing.
d) Should they believe that the processing of their data is in breach of the Regulation, the right to make a complaint to a Supervisory Authority (in the State in which they normally reside, in which they work or in which the alleged breach occurred). The Italian Supervisory Authority is the Italian Data Protection Authority, with offices in Piazza di Monte Citorio no. 121, 00186 – Rome (http://www.garanteprivacy.it/).